WinRAR has a critical security bug: here is the fix
WinRAR is a very popular software to create and extract archives on Windows and other supported operating systems. Part of its popularity comes from its support for different types of packing formats, another that the software's trial version never expires.
A bug was discovered recently that affects all versions of WinRAR prior to 5.70. The bug, a remote code execution vulnerability, affects all WinRAR versions and thus all 500 million users that use the application.
Security researchers discovered a flaw in a library that WinRAR uses to extract files from archives packed with the ACE format.
Attackers can exploit the vulnerability by pushing specially prepared archives to user systems. The bug can be abused to extract the files into any folder on the system instead of the folder selected by the user or the default folder for extracted files.
Tip: Find out how to repair and extract broken WinRAR archives.
Attackers could select to extract files to Windows' startup folder so that programs are executed on the next start of the system.
The researchers published a video that demonstrates the exploit.
WinRAR uses the content of the file to determine the archive format that was used to compress the files; means, it is not enough to avoid any ACE files for the time being. Attackers could rename ACE files to RAR or ZIP, and WinRAR would handle them just fine.
The library that is responsible for the behavior is UNACEV2.DLL. The maker of WinRAR removed the file from the latest Beta version of WinRAR 5.70. Users can upgrade to the Beta version to protect their devices from the security issue.
Policies may prevent the installation of Beta software on devices, and some Home users might not want to install Beta software either on their computer systems.
These users and administrators may delete the vulnerable file, UNACEV2.DLL from the WinRAR directory to protect the device from the issue. Here is how that is done:
- Open Explorer on the Windows PC.
- Go to C:\Program Files\WinRAR if you run a 64-bit version of WinRAR.
- Go to C:\Program Files (x86)\WinRAR if you run a 32-bit version of WinRAR.
- Locate the file UNACEV2.DLL and either rename it or delete it.
- To delete: select the file UNACEV2.DLL and delete it either with a right-click and the selection of Delete from the context menu, or by using the Del key on the keyboard.
- To rename: right-click on the file and select rename.
- Restart the PC.
Note: This removes the option to extract ACE files using WinRAR.
I could not find information on the popularity of the ACE format. I remember that it was quite popular (and controversial) more than a decade ago.